Qualcomm has rolled out security updates to address nearly two dozen flaws spanning proprietary and open-source components, including one that has come under active exploitation in the wild.
The high-severity vulnerability, tracked as CVE-2024-43047 (CVSS score: 7.8), has been described as a user-after-free bug in the Digital Signal Processor (DSP) Service that could lead to “memory corruption while maintaining memory maps of HLOS memory.”
Qualcomm credited Google Project Zero researcher Seth Jenkins-Google Project Zero and Conghui Wang for reporting the flaw, and Amnesty International Security Lab for confirming in-the-wild activity.
Protect your privacy by Mullvad VPN. Mullvad VPN is one of the famous brands in the security and privacy world. With Mullvad VPN you will not even be asked for your email address. No log policy, no data from you will be saved. Get your license key now from the official distributor of Mullvad with discount: SerialCart® (Limited Offer).
➤ Get Mullvad VPN with 12% Discount
“There are indications from Google Threat Analysis Group that CVE-2024-43047 may be under limited, targeted exploitation,” the chipmaker said in an advisory.
“Patches for the issue affecting FASTRPC driver have been made available to OEMs together with a strong recommendation to deploy the update on affected devices as soon as possible.”
The full scope of the attacks and their impact is presently unknown, although it’s possible that it may have been weaponized as part of spyware attacks targeting civil society members.
October’s patch also addresses a critical flaw in the WLAN Resource Manager (CVE-2024-33066, CVSS score: 9.8) that’s caused by an improper input validation and could result in memory corruption.
The development comes as Google released its own monthly Android security bulletin with fixes for 28 vulnerabilities, which also comprise issues identified in components from Imagination Technologies, MediaTek, and Qualcomm.
Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.
Some parts of this article are sourced from:
thehackernews.com
Vulnerable APIs and Bot Attacks Costing Businesses Up to $186 Billion Annually